package org.apache.ignite.internal.client;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.ignite.configuration.ConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.client.balancer.GridClientRoundRobinBalancer;
import org.apache.ignite.internal.client.impl.GridClientImpl;
import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory;
import org.apache.ignite.internal.util.typedef.G;
import org.apache.ignite.internal.util.typedef.X;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;

/* loaded from: input_file:org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest.class */
public class ClientTcpSslAuthenticationSelfTest extends GridCommonAbstractTest {
    private static final int REST_TCP_PORT = 12121;
    private MockX509TrustManager srvTrustMgr = new MockX509TrustManager();
    private MockX509TrustManager clientTrustMgr = new MockX509TrustManager();
    private volatile boolean checkClient;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest$MockX509TrustManager.class */
    public static class MockX509TrustManager implements X509TrustManager {
        private static final X509Certificate[] EMPTY = new X509Certificate[0];
        private volatile boolean shouldFail;
        private AtomicInteger clientCheckCallCnt;
        private AtomicInteger srvCheckCallCnt;

        private MockX509TrustManager() {
            this.clientCheckCallCnt = new AtomicInteger();
            this.srvCheckCallCnt = new AtomicInteger();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void shouldFail(boolean z) {
            this.shouldFail = z;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.clientCheckCallCnt.incrementAndGet();
            if (this.shouldFail) {
                throw new CertificateException("Client check failed.");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.srvCheckCallCnt.incrementAndGet();
            if (this.shouldFail) {
                throw new CertificateException("Server check failed.");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return EMPTY;
        }

        public int clientCheckCallCount() {
            return this.clientCheckCallCnt.get();
        }

        public int serverCheckCallCount() {
            return this.srvCheckCallCnt.get();
        }

        public void reset() {
            this.shouldFail = false;
            this.clientCheckCallCnt.set(0);
            this.srvCheckCallCnt.set(0);
        }
    }

    protected void afterTest() throws Exception {
        assertEquals(0, this.srvTrustMgr.serverCheckCallCount());
        assertEquals(0, this.clientTrustMgr.clientCheckCallCount());
    }

    protected void beforeTest() throws Exception {
        this.srvTrustMgr.reset();
        this.clientTrustMgr.reset();
    }

    protected IgniteConfiguration getConfiguration(String str) throws Exception {
        IgniteConfiguration configuration = super.getConfiguration(str);
        configuration.setLocalHost(getTestResources().getLocalHost());
        if (!$assertionsDisabled && configuration.getConnectorConfiguration() != null) {
            throw new AssertionError();
        }
        ConnectorConfiguration connectorConfiguration = new ConnectorConfiguration();
        connectorConfiguration.setPort(REST_TCP_PORT);
        connectorConfiguration.setSslEnabled(true);
        connectorConfiguration.setSslClientAuth(this.checkClient);
        connectorConfiguration.setSslClientAuth(this.checkClient);
        GridSslBasicContextFactory sslContextFactory = GridTestUtils.sslContextFactory();
        sslContextFactory.setTrustManagers(new TrustManager[]{this.srvTrustMgr});
        connectorConfiguration.setSslContextFactory(sslContextFactory);
        configuration.setConnectorConfiguration(connectorConfiguration);
        return configuration;
    }

    private GridClientImpl createClient() throws Exception {
        GridClientConfiguration gridClientConfiguration = new GridClientConfiguration();
        gridClientConfiguration.setServers(Arrays.asList(U.getLocalHost().getHostAddress() + ":" + REST_TCP_PORT));
        gridClientConfiguration.setBalancer(new GridClientRoundRobinBalancer());
        GridSslBasicContextFactory sslContextFactory = GridTestUtils.sslContextFactory();
        sslContextFactory.setTrustManagers(new TrustManager[]{this.clientTrustMgr});
        gridClientConfiguration.setSslContextFactory(sslContextFactory);
        return GridClientFactory.start(gridClientConfiguration);
    }

    public void testServerAuthenticated() throws Exception {
        checkServerAuthenticatedByClient(false);
    }

    public void testServerNotAuthenticatedByClient() throws Exception {
        try {
            checkServerAuthenticatedByClient(true);
        } catch (GridClientDisconnectedException e) {
            assertTrue(X.hasCause(e, new Class[]{GridServerUnreachableException.class}));
        }
    }

    public void testClientAuthenticated() throws Exception {
        checkClientAuthenticatedByServer(false);
    }

    public void testClientNotAuthenticated() throws Exception {
        try {
            checkServerAuthenticatedByClient(true);
        } catch (GridClientDisconnectedException e) {
            assertTrue(X.hasCause(e, new Class[]{GridServerUnreachableException.class}));
        }
    }

    private void checkServerAuthenticatedByClient(boolean z) throws Exception {
        this.checkClient = false;
        this.srvTrustMgr.shouldFail(false);
        this.clientTrustMgr.shouldFail(z);
        startGrid();
        try {
            GridClientImpl createClient = createClient();
            Throwable th = null;
            try {
                try {
                    createClient.compute().refreshTopology(false, false);
                    if (createClient != null) {
                        if (0 != 0) {
                            try {
                                createClient.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            createClient.close();
                        }
                    }
                    assertEquals(0, this.srvTrustMgr.clientCheckCallCount());
                    assertEquals(1, this.clientTrustMgr.serverCheckCallCount());
                } finally {
                }
            } finally {
            }
        } finally {
            G.stopAll(false);
        }
    }

    private void checkClientAuthenticatedByServer(boolean z) throws Exception {
        this.checkClient = true;
        this.srvTrustMgr.shouldFail(z);
        this.clientTrustMgr.shouldFail(false);
        startGrid();
        try {
            GridClientImpl createClient = createClient();
            Throwable th = null;
            try {
                try {
                    createClient.compute().refreshTopology(false, false);
                    if (createClient != null) {
                        if (0 != 0) {
                            try {
                                createClient.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            createClient.close();
                        }
                    }
                    assertEquals(1, this.srvTrustMgr.clientCheckCallCount());
                    assertEquals(1, this.clientTrustMgr.serverCheckCallCount());
                } finally {
                }
            } finally {
            }
        } finally {
            G.stopAll(false);
        }
    }

    static {
        $assertionsDisabled = !ClientTcpSslAuthenticationSelfTest.class.desiredAssertionStatus();
    }
}
